Recently, University of Arkansas Medical Sciences (UAMS) fired three employees after a patient’s medical information was posted on Facebook.

The shared information included the patient’s name, age, HIV status, past surgical information, and employment information.

It started with an employee sharing the patient’s information with a coworker.

Remember: The Minimum Necessary clause in HIPAA requires employees access only enough information to do their job, which also means that employees should only share patient information with coworkers when it is necessary for that specific coworker to do his or her job

By the initial employee sharing with a coworker who did not need the information according to HIPAA’s Minimum Necessary clause, that is a breach of privacy.

Then, that coworker shared the information with a friend (definitely not someone allowed to know this information), and the friend posted the information on Facebook.

And, apparently, the third employee involved was fired because he or she knew about the whole situation and never reported it to the officials at the medical center.

The Vice Chancellor of Communications and Marketing, Leslie Taylor, stated that UAMS ensures all employees receive HIPAA training.  These employees knew that it was a fire-able offence.

Additionally, Legal Nurse Consultant, Melanie Ware, stated that this is basic information shared with all new employees.  She also shared that outside of the orientation training, there is a lot of daily training occurring throughout UAMS.

UAMS also sent this case to the U.S. Attorney’s Office to determine if criminal charges will be filed against the three employees.

Taylor also stated that UAMS is currently working to help the patient whose privacy was breached.  There is no current information on how that is being accomplished.

Ware is now hoping that the incident will help improve policies and hopefully this will never happen again.  She said: “As a patient as well, and as a mother of children, and family member, that information needs to be kept confidential.”


The HIPAAgps training covers these situations and others as real-world examples.  To help ensure your employees are trained, join HIPAAgps today.